From 70697be9a5230b3e254a9df68b8cba599dbbab90 Mon Sep 17 00:00:00 2001 From: ThePedroo Date: Tue, 27 May 2025 19:29:59 -0300 Subject: [PATCH] fix: `ptrace_message` leaking ReZygisk existence (zygote pid) This commit fixes a trace left due to a kernel bug. In some cases (and all of them here), the sequence of events may lead to "ptrace_message" not be properly reset/not represent the actual state. This happens here, as when TRACEFORK is set in "monitor.c", setting "ptrace_message" as the PID of the new process, persists even when not tracing anymore, causing leaks. This fix has been given by @nampud, in #171. --- loader/src/ptracer/ptracer.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/loader/src/ptracer/ptracer.c b/loader/src/ptracer/ptracer.c index d2655f6..cb47d98 100644 --- a/loader/src/ptracer/ptracer.c +++ b/loader/src/ptracer/ptracer.c @@ -418,6 +418,16 @@ bool trace_zygote(int pid) { if (STOPPED_WITH(SIGCONT, 0)) { LOGD("received SIGCONT"); + /* INFO: Due to kernel bugs, fixed in 5.16+, ptrace_message (msg of + PTRACE_GETEVENTMSG) may not represent the current state of + the process. Because we set some options, which alters the + ptrace_message, we need to call PTRACE_SYSCALL to reset the + ptrace_message to 0, the default/normal state. + */ + ptrace(PTRACE_SYSCALL, pid, 0, 0); + + WAIT_OR_DIE + ptrace(PTRACE_DETACH, pid, 0, SIGCONT); } } else {
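Review bot: In the new block inside `trace_zygote`, the stop collected by `WAIT_OR_DIE` after `ptrace(PTRACE_SYSCALL, pid, 0, 0)` is never checked to be a syscall-stop before `ptrace(PTRACE_DETACH, pid, 0, SIGCONT)` runs, so if the tracee stops for any other reason in between (a signal-delivery-stop for a different signal, or exit), the detach with `SIGCONT` is issued against the wrong stop and that pending signal is dropped; please inspect the status returned by the wait (e.g. the stop signal, with `PTRACE_O_TRACESYSGOOD` it is `SIGTRAP | 0x80`) and only detach with `SIGCONT` when it is the expected syscall-stop, otherwise re-inject the original signal. The return value of the new `ptrace(PTRACE_SYSCALL, ...)` call is also ignored while the surrounding code logs its other steps (`LOGD("received SIGCONT")`); log and bail on failure the way the rest of the function does. Finally, the comment's claim that "kernel bugs, fixed in 5.16+" leave `ptrace_message` stale and that `PTRACE_SYSCALL` resets it to 0 should cite the fixing kernel commit or the #171 discussion it comes from, and the sentence "Because we set some options, which alters the ptrace_message" reads better as "Because the options we set alter ptrace_message".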